Commit Graph

2262 Commits (c62983bbdee18c2bab62ccd8ee1727b86243de76)

Author SHA1 Message Date
Akihiro Suda 09900f32dc
Merge pull request #1382 from tonistiigi/cache-loop
solver: avoid recursive loop on cache-export
2020-03-03 18:37:49 +09:00
Tõnis Tiigi f1ecc7824e
Merge pull request #1384 from AkihiroSuda/fuse-overlayfs
rootless: support fuse-overlayfs
2020-03-02 22:38:45 -08:00
Tonis Tiigi 09e8a06c04 client: improve cache key loop test
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2020-03-02 22:35:59 -08:00
Anca Iordache 8c65b5bbd5 Tests build with local cache export
- to detect infinite loop caused by circular dependencies

Signed-off-by: Anca Iordache <anca.iordache@docker.com>
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2020-03-02 22:35:59 -08:00
Tonis Tiigi 0010996598 solver: avoid recursive loop on cache-export
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2020-03-02 22:35:59 -08:00
Akihiro Suda 9f90f5a985 rootless: support fuse-overlayfs
While real overlayfs is available only in Ubuntu and Debian kernels,
fuse-overlayfs is universally available for kernel >= 4.18.

For dockerized deployment, `--device /dev/fuse` needs to be added to
`docker run` flags.

Kubernetes deployment needs a custom device plugin that enables
`/dev/fuse`, e.g. https://github.com/honkiko/k8s-hostdev-plugin

Instead of a device plugin, the device can be also enabled by setting
`securityContext.privileged` to `true`.

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2020-03-03 11:30:29 +09:00
Tõnis Tiigi 4d8d91bf49
Merge pull request #1379 from AkihiroSuda/update-containerd-20200225
vendor: update containerd (and various packages)
2020-02-27 21:06:18 -08:00
Akihiro Suda 7b579cdb98 vendor: update containerd (and various packages)
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2020-02-28 10:24:10 +09:00
Akihiro Suda b55d2ff985
Merge pull request #1381 from tonistiigi/platforms-detect
update supported platforms without restart
2020-02-28 01:16:11 +09:00
Tonis Tiigi d1458a6587 update supported platforms without restart
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2020-02-26 08:15:42 -08:00
Akihiro Suda bb2f21b233
Merge pull request #1376 from tonistiigi/go-113-support
update to go1.13
2020-02-25 10:59:58 +09:00
Tonis Tiigi a60ecfa4ae vendor: restore dependency versions
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2020-02-24 17:31:01 -08:00
Zach Badgett 1efe7b145d Fix docker dependencies
Signed-off-by: Zach Badgett <zach.badgett@gmail.com>
2020-02-24 15:47:32 -08:00
Zach Badgett 820200aa1d Fix go.mod to be compatible with go1.13
Signed-off-by: Zach Badgett <zach.badgett@gmail.com>
2020-02-24 15:44:11 -08:00
Tõnis Tiigi d75ed2b682
Merge pull request #1361 from hinshun/frontend-inputs
Implement CapFrontendInput to pass llb.States to frontends
2020-02-24 14:55:49 -08:00
Edgar Lee 5ec7bc7713 Change FrontendInputs in backend API definitions to *pb.Definition
Signed-off-by: Edgar Lee <edgarl@netflix.com>
2020-02-24 14:38:01 -08:00
Edgar Lee b027a8572d Fix terminating op with non-zero output index, i.e. AddMount as final vertex
Signed-off-by: Edgar Lee <edgarl@netflix.com>
2020-02-24 14:38:01 -08:00
Edgar Lee 7e0f923181 Implement CapFrontendInput to pass llb.States to frontends
Signed-off-by: Edgar Lee <edgarl@netflix.com>
2020-02-24 14:38:01 -08:00
Tõnis Tiigi ae04ab49c4
Merge pull request #1375 from hinshun/non-refarray
Change wire format from ref arrays to singular refs while maintaining backwards compatibility
2020-02-24 14:32:22 -08:00
Edgar Lee 635e7f0ce0 Change wire format from ref arrays to singular refs while maintaining backwards compatibility
Signed-off-by: Edgar Lee <edgarl@netflix.com>
2020-02-21 13:58:28 -08:00
Tõnis Tiigi 332cdb5e25
Merge pull request #1355 from tonistiigi/mounts-deadlock
ops: fix deadlock on releasing shared mounts
2020-02-21 10:34:57 -08:00
Tibor Vass adde225dcb
Merge pull request #1180 from Code0x58/expand-expansion
Expand shell variable expansion - add mandatory variables
2020-02-20 17:26:06 -08:00
Tõnis Tiigi 89978e7069
Merge pull request #1370 from thaJeztah/bump_crypto
vendor: golang.org/x/crypto v0.0.0-20200214034016-1d94cc7ab1c6
2020-02-19 10:16:01 -08:00
Sebastiaan van Stijn b1b5f2e626
vendor: golang.org/x/crypto v0.0.0-20200214034016-1d94cc7ab1c6
full diff: c2843e01d9...1d94cc7ab1

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-02-19 13:01:06 +01:00
Akihiro Suda 2f5ad30ae5
Merge pull request #1351 from tonistiigi/security-devices
mount whitelist of devices on insecure security mode
2020-02-14 16:52:26 +09:00
Akihiro Suda 3c53f48f22
Merge pull request #1365 from tonistiigi/base-upt
dockerfile: update static base images
2020-02-13 15:52:11 +09:00
Tonis Tiigi eccae3e469 dockerfile: update static base images
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2020-02-12 22:02:10 -08:00
Akihiro Suda b5fb8c4428 Merge pull request #1356 from tonistiigi/lazy-results
solver: evaluate solve results lazily
2020-02-10 00:15:43 +09:00
Tonis Tiigi b0e76973ee solver: use correct context for getting cache managers lazily
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2020-02-06 15:11:49 -08:00
Tibor Vass 0b130cca04
Merge pull request #1357 from AkihiroSuda/add-hinshun-maintainers
MAINTAINERS: add @hinshun
2020-02-06 12:16:02 -08:00
Akihiro Suda 9d2a0d318b MAINTAINERS: add @hinshun
@hinshun has been a very valuable contributor to the project,
especially for the solver component.

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2020-02-07 04:40:21 +09:00
Tonis Tiigi 8cfe2de889 solver: evaluate solve results lazily
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2020-02-05 15:29:43 -08:00
Tonis Tiigi b2fffc20d3 ops: add tests for shared and locked cache mounts
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2020-02-03 18:48:02 -08:00
Tonis Tiigi 6d907b6893 ops: fix deadlock on releasing shared mounts
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2020-02-03 18:47:42 -08:00
Tonis Tiigi bf2dc85f80 ops: refactor cache mounts to have unit tests
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2020-02-03 15:00:22 -08:00
Tibor Vass 98ce74b987
Merge pull request #1352 from tonistiigi/windows-build-fix
file: fix compilation on windows
2020-01-30 20:49:19 -08:00
Tonis Tiigi e0e29722e2 file: fix compilation on windows
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2020-01-30 20:21:40 -08:00
Tonis Tiigi 8f52339933 dockerfile: add test for whitelisted devices
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2020-01-30 18:43:04 -08:00
Tonis Tiigi 572a2b5718 entitlements: mount loop devices relative to next free device
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2020-01-30 13:47:44 -08:00
Tonis Tiigi fc186a8b89 oci: mount whitelist of devices on insecure security mode
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2020-01-30 13:07:29 -08:00
Tibor Vass fac9c1b402
Merge pull request #1342 from tonistiigi/userns-chown
fileop: keep correct user for parent dir on userns
2020-01-30 11:26:24 -08:00
Tõnis Tiigi 3cd32c0c25
Merge pull request #1347 from TBBle/run_hack_util_with_bash
Remove bashism from shared shell script
2020-01-29 10:02:02 -08:00
Tõnis Tiigi 6f4420b3c1
Merge pull request #1314 from TBBle/low_hanging_windows_fruit
Low-hanging Windows fruit
2020-01-29 10:01:23 -08:00
Paul "TBBle" Hampson b9cf317850 Distinguish containerd failure from process exit code
Signed-off-by: Paul "TBBle" Hampson <Paul.Hampson@Pobox.com>
2020-01-30 00:39:11 +11:00
Paul "TBBle" Hampson e11b881c12 Set sensible defaults for Windows installations
Non-packaged execution will need this to be overridden anyway, and it
avoids a surprise "Drop state data into the current working directory"
event.

Signed-off-by: Paul "TBBle" Hampson <Paul.Hampson@Pobox.com>
2020-01-30 00:34:44 +11:00
Paul "TBBle" Hampson 2bee17a65a Don't always fail euid check on Windows
The check for running as a non-admin euid() doesn't work on Windows,
always returning -1.

For now, treat -1 as "Probably root", and let the failures happen later.

Signed-off-by: Paul "TBBle" Hampson <Paul.Hampson@Pobox.com>
2020-01-30 00:34:44 +11:00
Paul "TBBle" Hampson e801cc8238 Recognise Runtime V2 containerd plugins
This makes this code successfully discover the Windows Runtime V2
(hcsshim-based) plugin now that the Windows Runtime V1 (runhcs-based)
plugin has been removed upstream.

Signed-off-by: Paul "TBBle" Hampson <Paul.Hampson@Pobox.com>
2020-01-30 00:34:44 +11:00
Paul "TBBle" Hampson c67499de09 Create a new Error when there is no Error to wrap
Wrapping a `nil` error produces `nil`, which causes the calling code to
see success, and continue on with a default-created WorkerOpt, which
causes segfaults later.

Signed-off-by: Paul "TBBle" Hampson <Paul.Hampson@Pobox.com>
2020-01-30 00:34:44 +11:00
Paul "TBBle" Hampson 1036fafffa Support npipe the same way we support Unix sockets
The same function used to support Unix sockets automatically supports
Named Pipes on Windows.

This makes the default configuration option for the daemon address work
correctly on Windows.

Signed-off-by: Paul "TBBle" Hampson <Paul.Hampson@Pobox.com>
2020-01-30 00:34:43 +11:00
Paul "TBBle" Hampson 539b08cd5d Remove bashism from shared shell script
This file is consumed by both validate-vendor (inside an Alpine-based
Docker container where bash is not installed), and the other scripts.

Apart from validate-vendor, all the other scripts in hack/ use bash.

Fixes CI logging a complaint:
> ./hack/validate-vendor: 31: [: pull_request: unexpected operator

Signed-off-by: Paul "TBBle" Hampson <Paul.Hampson@Pobox.com>
2020-01-30 00:20:51 +11:00